httpd-dev mailing list archives

From Greg Ames <ames.g...@gmail.com>
Subject Re: DoS with mod_deflate & range requests
Date Tue, 23 Aug 2011 21:00:34 GMT
On Tue, Aug 23, 2011 at 3:32 PM, William A. Rowe Jr. <wrowe@rowe-clan.net> wrote:

> I suggest we should be parsing and reassembling the list before we
> start the bucket logic.

> I propose we satisfy range requests in the only sensible manner, returning
> the ranges in sequence,

yeah, overlapping ranges should be merged up front. That ought to completely
fix the issue.

fwiw, I played with the script to create the attack and noticed this:

Content-Length: 950883

That's probably the sum of the overlapping ranges.  My original file is 3929
bytes long.

Greg
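
The up-front merge discussed in this message, sketched as an added example; it is not part of the original message and not httpd's code. The function names, the sample header and the choice to sort by start offset are assumptions; the 3929-byte size is the file length quoted above.

```python
import re

_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_ranges(header, size):
    """Parse 'bytes=a-b,c-,-n' into inclusive (start, end) pairs clamped to size.
    Specs that select no bytes are dropped; malformed input raises ValueError."""
    unit, sep, specs = header.partition("=")
    if unit.strip().lower() != "bytes" or not sep:
        raise ValueError("unsupported range unit")
    out = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or m.groups() == ("", ""):
            raise ValueError(f"bad range spec: {spec!r}")
        first, last = m.groups()
        if first == "":                      # suffix form: last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:                                # "a-b", or open-ended "a-"
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
        if start <= end:
            out.append((start, end))
    return out

def merge_ranges(ranges):
    """Sort by start and coalesce overlapping or adjacent ranges."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def total_bytes(ranges):
    """Body bytes a multi-range response would carry for these ranges."""
    return sum(end - start + 1 for start, end in ranges)

# Constructed sample: a short header with overlapping ranges against a
# 3929-byte body. It is not the header produced by the script in the thread.
SIZE = 3929
HEADER = "bytes=0-,5-100,50-2000,1500-,-500,3900-9999"

if __name__ == "__main__":
    raw = parse_ranges(HEADER, SIZE)
    merged = merge_ranges(raw)
    print("as requested:", len(raw), "ranges,", total_bytes(raw), "bytes")
    print("after merge: ", len(merged), "ranges,", total_bytes(merged), "bytes")
```

After merging, the bytes served can never exceed the size of the file, whatever the number of ranges requested.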
